Re: [fw-wiz] To spoof or not to spoof???? That is the question....
From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 07/30/04
- Previous message: Martin Mačok: "Re: [fw-wiz] I wonder, how to test.."
- In reply to: InHisGrip: "[fw-wiz] To spoof or not to spoof???? That is the question...."
- Next in thread: Frederick M Avolio: "Re: [fw-wiz] To spoof or not to spoof???? That is the question...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: servie_platon@yahoo.com, firewall-wizards@honor.icsalabs.com
Date: Fri, 30 Jul 2004 11:52:08 +0100
Hello
Long time since I've been here; I've changed company twice...
> This is about email spoofing. A long time back, this
> email address of mine was spoofed or at least being
> used to send malicious worms, beagle variant.
> <SNIP>
>
> I was just wondering why this happened again? I am
> sure that this is not due to my present configuration
> as this problem happened in the past and besides, I
> followed all the suggestions from this group on how to
> secure both my linux box, my home networked PCs and
> my hardware router.
A number of current viri tend to spoof the source address when spreading
to mask the source of the infection. This is done by picking an address
from the address book on the infected machine/user environment. It's
likely that someone who has your address in their address book has been
infected. You can't really do much about it.
> Since this has happened again, I have decided to use
> gnupg for all my machines in the future. However, I am
> just curious as to how this has happened?
Doesn't gnupg (or any PGP variant) require that your recipients use a PGP
variant and that you have a copy of their public key? Could be difficult
convincing all your friends to do so.
> <SNIP>
> The only thing that I may know right now is, when I
> made an online purchase for a product.... though I
> went into a site that is secure as it is a https
> site... I think, someone may have intercepted some of
> my packets and sniffed their way through. Or unless
> otherwise...
Erm, while sniffing HTTPS packets is not impossible, it would most likely
need to be done by someone local to your LAN. Dissecting HTTPS usually
requires an active attack and active filtering. See
http://ettercap.sourceforge.net
Kev
--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards